This wiki has undergone a migration to Confluence found Here
HL7 January 2018 - New Orleans US MINUTES
Contents
MINUTES WGM New Orleans 29th January to 2nd February 2018
Monday Q3
Joint CBCP - Security
See CBCC Minutes
Monday Q4
Joint CBCC - Security
See CBCC Minutes
Tuesday Q1
Opening Security WG Meeting
Attendees:
- Trish Williams trish.williams@flinders.edu.au
- John Moehrke John.Moehrke@gmail.com
- Alexander Mense alexander.mense@hl7.at
- Kathleen Connor Kathleen.connor@comcast.net
- Mike Davis mike.davis@va.gov
- Chris Shawn christopher.shawn@va.gov
- David Pyke david.pyke@readycomputing.com
- Suzanne Webb suzanne.webb@bookzurman.com
- <to be completed>
Chaired by Trish
- Introductions
- Approval of agenda
- International Report outs
- Japan:
- EU:
- Australia:
- Liaison Reports: ISO, IHE, ONC
- ISO (Hide)
- IHE (John)
- OASIS (Mike)
Agenda items deferred to Q4
- FHIR Security Report out - John Moehrke
- HL7 Project status and updates:
- Is Privacy Obsolete Study Group - Mike Davis
- Trust Framework & S&P DAM - Next Steps - Mike Davis and Chris Shawn
Tuesday Q2
Joint with CBCP - FHIR CCDE Connectathon Report Out/TEFCA Comments
USA TEFCA Trust Exchange Framework and Common Agreement
Discussion to be centred on sharing with Protections - TEFCA Minimum Necessary given expanded Purposes of Use - Provisioning with ABAC Clearances & Security Labels
- Description:
- Goals for authenticating and developing common set of rules and org policies and process for adjudicating and filing non-compliance.
- It defines how to exchange between all participants would be obligated to meet. Also, it sets up a new entity (3rd party) for deciding health information for the nation exchange- and there will be one organisation for the central management of exchange.
- Document link:
- It uses 6 principles – one includes sec safety and patient safety
- Use case: Emergence access is not one of the purposes of use.
- Failure recently with VA as asking for information during the fires was not possible. Software hardcoded so couldn’t ask for info.
- HL7 standard provides for the sharing of info and overrides any other rules on sec – patient safety wins. Purpose of use needs an emergency code/disaster. Operation and provision of services
- Emergency tracking of patient whatever the origin – is already created in OASIS
- Distribution Element (DE) is a method that can be used for patient data routing but needs input on how to transport and how to secure from SECWG.
- Consider FHIR-I project transfer and other methods. Direct Project is not suitable but other options are available.
- Need to consider actors in exchange (FHIR over HTTP for instance)
- Document includes minimum requirements for security (section 6.2). It includes reference to various standards for each requirement.
- HL7 comments in relation to use of HL7 standards
- HL7 interest is the SLS.
- WG discussion on the potential amendment and additions to document. Jonathon Coleman captured for the HL7 comments.
Findings from CCDE Connectathon
Tuesday Q3
Joint CBCP, Hosting Security
- CBCP is also Joint with Attachments for eLTSS presentation - should send Reps
- ONC Research Patient Choice presentation by REACHnet Kyle Bradford
- WG Recruitment Strategies
Tuesday Q4
Security PSAF Work Session
- New FHIM P&S Station - Jay Lyle &/or Galen Mulrooney to present
- Review Proposed May TF4FA & S&P DAM Ballot Material
- Security should send rep to joint Attachment with FM for eLTSS Security
Wednesday Q1
Joint with EHR, CBCP, FHIR, SOA, Security(EHR hosting)
See EHR Minutes
To include in-depth discussion about:
- Is Privacy Obsolete? Study Group Findings - Mike Davis
- TF4FA and S&P DAM updates - Mike Davis and Chris Shawn
Wednesday Q2
No meeting
Wednesday Q3
xxxxx
Wednesday Q4
xxxxx
Thursday Q1
xxxxx
Thursday Q2
xxxxx